Internal Controls Review & Development

Internal controls are the rules and mechanisms established by an entity to ensure their compliance obligations are being met. In recent years, NERC and regional entities have placed an emphasis on reviewing an entity’s internal controls. Internal controls do not need to be so complicated that you need a full-time person managing them. PCS creates policies and procedures that contain internal controls as part of your everyday operations. Internal controls should be a natural part of your processes.

As noted by NERC, effective controls provide value and help registered entities with the following:

  • self-identify and mitigate reliability risks and compliance issues, which could lead to the ability to self-log and correct lower-risk issues as Compliance Exceptions rather than navigating through the full enforcement process;
  • improve their reliability and security;
  • inform the Compliance Enforcement Authority’s development of the registered entity’s Compliance Oversight Plan (COP); and
  • reduce the burden for audit preparation with a continuous monitoring process rather than a periodic event associated with the registered entity’s preparation for compliance monitoring activity.

Benefits

  • Demonstrate reasonable assurance to mitigate reliability risk
  • Contribute to the Region’s process for developing oversight and monitoring of the entity
  • Ensure reliability and security
  • Help protect against things falling through the cracks. Most internal controls are done without even knowing it, they just aren’t written down.
  • Demonstrates to the regulators that you are watching what you’re doing and checking your processes.